IE Add-ons that can't be disabled.

Posted on 2014-03-26
Medium Priority
Last Modified: 2014-04-19
Hi, and thanks for any ideas...

I have a client for whom I disinfected a PC which was severely compromised by an unscrupulous company he had hired to remove Kaspersky (which just would not uninstall) with McAfee, so some strange reason.  Kaspersky was not uninstalled by them, but they loaded it up with much malware and spyware.

I completed the removal of Kaspersky with Kaspersky's uninstall tool, and then disinfected the PC with a number of tools.  Then installed McAfee. The browsers were also compromised, in that a number of nasty add-ons were present.  I was able to remove or disable most, except for 4 add-on which I could not disablein IE (Ver 10),.  So for the meantime, I removed the directories to which each was referring

I would like to know how to get rid of, or at least disable the add-ons still shown in the Capture1.png file.

I have attached two files:  The Capture1.png is a snip of the bad-boy add-ons, and the PDF file is the additional info available on three of them.

Thanks lots for any ideas.
Question by:mlitin
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 84

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 400 total points
ID: 39958208
It may be McAfee that is preventing you from un-installing those items.  You might try disconnecting the network, uninstall McAfee, reboot and see if you can uninstall those items.
LVL 44

Accepted Solution

Darr247 earned 800 total points
ID: 39958710
Have you looked in Start -> Accessories -> System Tools -> Task Scheduler ?
On the left, click the Task Scheduler Library.
In the middle, check the Actions tab of each item you don't recognize, to see if they point to those programs and/or removed subdirs. Some cleaners will remove those; most won't.

You can also use the Reset button on the Advanced tab of Internet Options, including the Personal Settings.Internet Options - Advanced - Reset - Delete Personal SettingsThat's usually a last resort, but you may be reaching that point.

Did you already run a full scan with MalwareBytes Antimalware?

edit: Many recommend running Tigzy's RogueKiller (see tutorial on that page) first, then - without exiting RogueKiller - run MBAM. RogueKiller looks for and kills suspicious programs that might deflect MBAM's process by reinstalling itself as soon as MBAM removes it.
LVL 50

Assisted Solution

jcimarron earned 400 total points
ID: 39959369
"To remove add–ons from your PC

1.Open Internet Explorer.

2.Click the Tools button, and then click Manage add-ons.

3.Under Show, click All add-ons, and then select the add-on you want to delete.

4.If the add-on can be deleted, you'll see the Remove option at bottom right. Click Remove and then click Close.  If the add-on can not be deleted you will usually be offered the option to Disable.

Not all add-ons can be removed and BHO's cannot be removed. Some add–ons are necessary for Internet Explorer and your PC to work correctly."

Modified from http://windows.microsoft.com/en-us/internet-explorer/manage-add-ons#ie=ie-11-win-7

Concerning #4 double clicking on a particular add-on may offer a popup with the Remove option.  It will also show you where the add-on or BHO is located in the Registry.
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

LVL 25

Assisted Solution

by:Tony Giangreco
Tony Giangreco earned 400 total points
ID: 39970545
Here is a comprehensive list of items to check that should help:

1. Install Process Explorer to find out what runs at startup

2. Go to All programs, Administrative Tools, Event Viewer. Check the System and Application sections for errors that may be causing your problems.

3. If you haven't also ready checked for Viruses, update your virus definitions and run a Full Scan, deleting all virus and spyware detected

4. If you don’t have any Anti Virus installed, here are a few free ones to try:

5. If spyware is found, download and run these free anti spyware apps

6. Run a Disk Cleanup: Start, All Programs, Accessories, System Tools, Disk Cleanup.
Include Temporary Internet Files and Temp files

7. Run Error Checking: Start, Computer, right click  on C:\, Tools, Error Checking.
Select "Automatically fix file system errors" and click start

8. Check for all programs that start at Boot: Start, Run, type MSCONFIG, on the startup tab, review the programs listed. Uncheck anything that should not run on startup

9. Defrag all hard drives: Click My Computer, right click the C drive, click Tools, Disk Defragmenter, Click Analyze to check the amount of fragmentation or Defrag to run the process. You repeat this per drive.

General Maintenance to keep your pc up to date
1. Run Windows Update and select all Microsoft updates and security patches

2. Update your Pc's System Bios

3. Update your drivers: Motherboard Chipset, Network Adaptor, Video, Audio & Printers

Author Closing Comment

ID: 40010495
Hi All

Thanks much for you excellent suggestions, I completely reinitialized IE and ran a number of anti spyware utilities, found and eliminated a few lingering boogie-things, and all was good.
LVL 50

Expert Comment

ID: 40010509
Glad to have helped.

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup" or a blinking cursor with black screen. A loop for Auto repair will start but fix nothing.  You will be panic as there are no back…
A quick guide on how to use Group Policy to create a custom power plan and set it active on Windows 7.
This Micro Tutorial will teach you how to change your appearance and customize your Windows 7 interface to your unique preference. This will be demonstrated using Windows 7 operating system.
Shows how to create a shortcut to site-search Experts Exchange using Google in the Chrome browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch the Search Engine Menu: In chrome, via you…

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question